General

  • Target

    a18b7cb1fe97912ffc3e38d76ccc0462.exe

  • Size

    88KB

  • MD5

    a18b7cb1fe97912ffc3e38d76ccc0462

  • SHA1

    c5908c111223d69f532973643381983ba385c1c1

  • SHA256

    2d5e2831e24496bd74a7a2317f824657905cdadaeb00f5c6e33e9b75c5231a2f

  • SHA512

    d92025f6eb3ab4a594113813284361694ce1b78cfd513d88f4ea842ea7d37c91976066b33089c4da048e39cc4c65654637d2a14138327df40f89d4bb0963be1c

Score
10/10

Malware Config

Extracted

  • Family

    blacknet

  • Version

    v3.7.0 Public

  • Botnet

    OTwjgZ

  • C2

    http://54.237.66.139

  • Mutex

    BN[a4bfa882efc194e2bcd370ea]

Attributes

  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    19eb68018edbdeae69b26450d3d0915f

  • startup

    false

  • usb_spread

    false

Signatures

  • BlackNET Payload 1 IoCs
  • Blacknet family
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Files

  • a18b7cb1fe97912ffc3e38d76ccc0462.exe
    .exe windows x86